File: test_rule.py

package info (click to toggle)
scap-security-guide 0.1.76-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 110,644 kB
  • sloc: xml: 241,883; sh: 73,777; python: 32,527; makefile: 27
file content (71 lines) | stat: -rw-r--r-- 3,119 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
 
import os
import pytest

from ssg_test_suite import rule
from tests.ssg_test_suite.rule import Scenario
from ssg.constants import OSCAP_PROFILE_ALL_ID

DATADIR = os.path.abspath(os.path.join(os.path.dirname(__file__), "data"))


def test_scenario():
    file_name = "correct.pass.sh"
    file_contents = open(os.path.join(DATADIR, file_name)).read()
    s = Scenario(file_name, file_contents)
    assert s.script == file_name
    assert s.contents == file_contents
    assert s.context == "pass"
    assert len(s.script_params["packages"]) == 2
    assert "sudo" in s.script_params["packages"]
    assert "authselect" in s.script_params["packages"]
    assert len(s.script_params["platform"]) == 2
    assert "multi_platform_rhel" in s.script_params["platform"]
    assert "Fedora" in s.script_params["platform"]
    assert len(s.script_params["profiles"]) == 1
    assert "xccdf_org.ssgproject.content_profile_cis" in \
        s.script_params["profiles"]
    assert OSCAP_PROFILE_ALL_ID not in s.script_params["profiles"]
    assert len(s.script_params["check"]) == 1
    assert "oval" in s.script_params["check"]
    assert len(s.script_params["remediation"]) == 1
    assert "none" in s.script_params["remediation"]
    assert len(s.script_params["variables"]) == 2
    assert "var_password_pam_remember=5" in s.script_params["variables"]
    assert "var_password_pam_remember_control_flag=requisite" in \
        s.script_params["variables"]
    assert len(s.script_params["templates"]) == 0
    assert s.matches_regex(r".*pass\.sh")
    assert s.matches_regex(r"^correct.*")
    assert not s.matches_regex(r".*fail\.sh")
    assert not s.matches_regex(r"^wrong")
    assert s.matches_platform({"cpe:/o:redhat:enterprise_linux:10"})
    assert not s.matches_platform({"cpe:/o:debian:debian:8"})
    assert s.matches_check({"oval"})
    assert not s.matches_check({"sce"})
    assert not s.matches_check({"fancy_unsupported_language"})
    assert not s.matches_check({})


def test_scenario_defaults():
    file_name = "correct_defaults.pass.sh"
    file_contents = open(os.path.join(DATADIR, file_name)).read()
    s = Scenario(file_name, file_contents)
    assert s.script == file_name
    assert s.contents == file_contents
    assert s.context == "pass"
    assert len(s.script_params["profiles"]) == 1
    assert OSCAP_PROFILE_ALL_ID in s.script_params["profiles"]
    assert len(s.script_params["templates"]) == 0
    assert len(s.script_params["packages"]) == 0
    assert len(s.script_params["platform"]) == 1
    assert "multi_platform_all" in s.script_params["platform"]
    assert len(s.script_params["check"]) == 1
    assert "any" in s.script_params["check"]
    assert len(s.script_params["remediation"]) == 1
    assert "all" in s.script_params["remediation"]
    assert len(s.script_params["variables"]) == 0
    assert s.matches_platform({"cpe:/o:redhat:enterprise_linux:10"})
    assert s.matches_platform({"cpe:/o:debian:debian:12"})
    s.override_profile("xccdf_org.ssgproject.content_profile_cis")
    assert "xccdf_org.ssgproject.content_profile_cis" in \
        s.script_params["profiles"]